Skip navigation
Menu
End-User Platforms>Windows 7/8

Brute Force Vulnerability in Aprelium's Abyss Web Server

Reported February 12, 2003, by Thomas Adams.

 

 

VERSIONS AFFECTED

 

  • Abyss Web Server 1.1.2 and earlier

 

DESCRIPTION

 

A vulnerability in Aprelium's Abyss Web Server 1.1.2 and earlier can permit an attacker to gain administrative access to the Web server. By connecting to the remote Web management interface at http://abyss_server:9999, the attacker can use a brute-force method to access the server. The attacker can use an indefinite number of attempts to enter a valid username and password, and the software uses no delay to penalize wrong attempts. Abyss has no logging for port 9999 (unlike the access.log file for port 80).

 

VENDOR RESPONSE

 

Aprelium has been notifed and will release a patch or new version that isn't vulnerable to these conditions.

 

CREDIT          

Discovered by Thomas Adams.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019